Getting the most from online services – keeping your information safe
Guidance on privacy, confidentiality, security and consent
When our patients register for on-line services, some of the questions we are asked relate to concerns over the privacy and confidentiality of personal health information, and whether that will be affected once individuals have opened up to using the internet to access their personal information and request services.
In conjunction with Griftech, who provide the technology and support behind this Practice website, and with advice from members of our PPG, we have put together this guide, which we trust will help to give our patients an insight into this sometimes complex area and which we hope clearly demonstrates the many careful steps that have been taken to ensure that ‘patient information privacy’ and confidentiality remain the utmost priority for the services we provide direct to our patients.
As ever, we welcome your views and any questions you might have which can be raised in person or via the electronic form on this page. Responses to such questions (no personal details will be included) might be used as part of our frequently asked questions page to help others.
Protecting your health information in general – some definitions
Privacy is the right expressed by an individual to prevent access by others to themselves. For citizens enrolled with the National Health Service in the UK (NHS), it is only in exceptional circumstances (often when an individual requires protection, e.g. on a witness protection programme) that individuals are able to retain total privacy. In those situations, ‘demographic data’ – name and address details – are prevented from being shared between agencies within the NHS. For the vast majority of patients, however, basic information about them is shared fairly routinely but under strict confidentiality guidelines overseen by a Caldicott Guardian, who is a senior person responsible for “protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing” – safeguarding the interests of individual patients. An individual’s medical record is also subject to these strict controls on who can and can’t see medical information and on what grounds, and this is how confidentiality is maintained. The NHS has a published standard called the Care Record Service guarantee that makes this clear.
Further definitions on privacy and confidentiality and how they affect our patients can be found on the Tameside and Glossop Primary Care Trust website.
Patient access to electronic health records – the steps taken to protect your privacy
Patients at Haughton Thornley Medical Centres have several options to choose from to access services over the internet.
1. Ordering repeat prescriptions
2. Accessing their GP electronic health records
The first service can be accessed by patients by asking the receptionist for their PIN (Personal Identification Number) and then registering on-line once they get home using those PINs; as part of the process patients create their own unique passwords. Requesting the PIN activates the patient's account; without this, it is impossible for anyone to access the system. The system is therefore inherently secure and requires a positive action on the part of the patient to open it up.
Access to the full GP electronic health record requires a patient to also complete an on-line questionnaire as well as a consent form which you have to sign and hand in to the Practice. The questionnaire and consent forms are sent to patients via email (this ensures that we have the correct email details) once a request for access has been made. If a staff member takes your email details from you then you are already authenticated (i.e. we know you as a patient on our list).
Please note: It is possible to just sign up for ordering repeat prescriptions and booking appointments on-line without having full access to the GP electronic health record.
What does all this mean?
By using this process, patients give the Practice their explicit consent to open up their records for internet access. No one other than the patient is able to access the record as unique PINs are issued in each individual case – patients (sometimes referred to as service users) are then able to complete the registration and change passwords to something more memorable and there is also a change password facility built in so patients may change a password from time to time. You the patient are then in control and you have the choice to share those PINs and passwords with whom YOU like. So, if you want your spouse and / or your children to access your records on your behalf then you are free to do so but the responsibility of sharing those PINs and passwords is yours.
Important note: If at any time you change your mind and decide you do not want others to access your GP electronic health record, you can change the passwords directly on the system or contact the Practice and we can help. We can also switch off access to the GP electronic health record at any time if you so wish.
Please note: we do NOT recommend that you share your PINs or passwords with healthcare workers.
If somebody needs to know the contents of your electronic health record and you agree that they can see it then you should enter the PIN and password privately (like you would when typing in your PIN for your credit card) and then turn the screen to share it with the healthcare professional so that they can see your record. We also recommend that you log out of the system when the healthcare professional has finished. That way there can be no accusation that the healthcare professional has accessed your medical records without your authority.
One further consideration is what happens if you become unconscious and hence nobody is able to access your medical records because you are unable to give them permission. We recommend that everybody should have a contact name in their mobile phone called “ICE” which stands for In Case of Emergency. Paramedics, police, doctors etc. are trained to look in the phone of someone who is unconscious for this contact name and to then ring it. You may choose for that person whom you have nominated as your “next of kin” to have the PIN and passwords for this eventuality. They may then be able to pass the details on to the relevant body if they feel it is in your best interests. If you choose to do this then it may also be prudent to change your passwords at your earliest convenience too. This safeguards your privacy and of course protects the emergency worker from any accusation of inappropriate access to your record. This is something patients at Haughton Thornley Medical Centres thought of and again is an option for you to consider for you and your loved ones. By the way, having an “ICE” entry in your mobile phone makes sense whether or not you share your PIN and password details.
Once a patient has requested and been granted access to online services, there is a series of measures in place within the computer system to protect our patients' information privacy, and there are also a number of precautions that patients should be aware of themselves, which involve good practice when accessing personal information.
The information security measures in place safeguard our patients from unauthorised access by any other individual and can be explained as follows:
- Accessing EMIS Access from the Practice website www.htmc.co.uk
- Using a memorable password as described here
- Do not leave your password in “secret” places that you think nobody will think of, e.g. under your keyboard, in the drawer next to your computer etc.
- Get into the habit of changing your passwords regularly
And finally if you are still unsure about whether Records Access is for you then consider this:
What is more important for YOU – your LIFE or your REPUTATION? If it is your life and if you want the best possible care when you fall ill then you should probably consider GETTING ACCESS to your health record – it may save your life one day. If on the other hand YOUR REPUTATION is more important and you really do not want some “secretive information in your electronic health record becoming available accidentally or otherwise” then you probably ought to choose not to have access to your electronic GP record. Of course you can ALWAYS come and discuss this with your clinician, friends and family or whom YOU TRUST to help you make this decision. And of course do keep listening around you, on TV and the radio and in newspapers, because this is a discussion and debate that no doubt will continue for a long time yet to come.
We at Haughton Thornley Medical Centres – in conjunction with Griftech – are keen to support patients and the public to help understand some of the complex issues discussed here but also to offer assistance to get the best healthcare possible in a world where information is increasingly available 24 hours a day 7 days a week 365 days a year from anywhere in the world and available at the end of a click! We are keen to build a Partnership of Trust and this page has been produced to help support you, us and the system as a whole.
Please feel free to contact us on [email protected] if you have any further views, comments etc